Principal DevSecOps Engineer

Principal DevSecOps Engineer Job Description

As cyber threats evolve, it becomes increasingly important to incorporate security as a core element of the software development process. In this challenging and rewarding role, you will be responsible for designing and implementing systems that prioritize security from the beginning of the software development life cycle (SDLC). By working closely with software development, security, and Cloud operations teams, you will help to improve processes, tools, and culture to ensure that security is treated as a shared responsibility. Through your efforts, our continuous integration and continuous Cloud delivery (CI/CD) are done securely.

As a Principal DevSecOps Engineer at Deriv, you will have the opportunity to make a real impact on our company's success. If you are a highly skilled and motivated engineer with a passion for building secure, scalable, reliable systems, apply for this role to take on a new challenge and make a real difference.

Your Challenges

1. Work closely with Engineering and Operations to ensure that security and privacy are integrated into all aspects of the Software Development Lifecycle.
2. Threat modeling, evaluation, and analysis of potential risks associated with different processes, systems, or technologies.
3. Perform manual source code analysis, reviews, and testing in a variety of programming languages.
4. Create and implement automated processes and tools to improve the efficiency and effectiveness of security controls.
5. Regularly check and monitor processes and systems to identify any potential vulnerabilities or weaknesses.
6. Respond to and manage security incidents, such as data breaches or cyber-attacks, immediately and effectively.
7. Create awareness of security best practices to various teams through presentations and learning tools on security exploits and associated risks.
8. Testing, selection, and implementation of technologies, tools, and working methods: Evaluate and test different security technologies, tools, working methods and implement those that are deemed appropriate and effective for the organization.
9. Collaborate with the wider security team to share ideas, tools, and processes and help reinforce a security culture within Deriv.

What You Have

• 15+ years of relevant experience, including hands-on security roles, leadership, and mentoring positions.
• The ability to inspect code and actively seek out security issues and vulnerabilities.
• Strong understanding of software development, security, operations principles, and best practices across various software stacks.
• Proficiency in one or more programming languages (e.g., Perl).
• Knowledge of Public Cloud Security tools, services, and components including IaC and Containers.
• Experience with DevOps tools and best practices (e.g., Git, Jenkins, CircleCI, Ansible).
• Knowledge of security and privacy principles including best practices (e.g., authentication, authorization, encryption, GDPR).
• Strong problem-solving skills.
• Excellent spoken and written English communication skills.
• Bachelor's or master's degree in computer science or a related field.

Benefits

• Market-based salary
• Annual performance bonus
• Medical insurance
• Housing and transportation allowance
• Casual dress code
• Work Permit
• A chance to work with top talent from across the globe (70+ nationalities)
• Ample team-building and bonding activities
• Great overseas travel opportunities